As you know, WireGuard is a VPN that lets us securely tunnel both our personal network traffic and our web browsing. This gives us secure and reliable Internet access from a smartphone or personal computer.

How to install it on a clean server can be found in this article.

In this tutorial, we'll look at how to install WireGuard in a Docker container using Docker Compose.


Let's install Docker.

But first, you need to update the OS packages.

apt update

Install the necessary packages and add a new repository:

apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

Update the packages with the new repository:

apt update

Now let's install Docker itself.

apt-get install docker-ce docker-ce-cli containerd.io

Let's check the version:

docker --version

Check status:

systemctl status docker

If it did not start, then run:

systemctl start docker

And enable it to start at boot:

systemctl enable docker



Install Docker Compose
For this project, version 1.25 will be enough for us.

curl -L "https://github.com/docker/compose/releases/download/1.25.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

Make the binary executable:

chmod +x /usr/local/bin/docker-compose

Check that Docker Compose was installed:

docker-compose --version



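Add a Linux user to the docker group (members of this group can control the Docker daemon, which is equivalent to root access on the host):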

usermod -aG docker $USER

Let's create a *.yaml file for Docker-Compose.

To keep track of what we have installed, let's create a separate folder for this project in the /opt directory and change into it.

mkdir /opt/wireguard-server && cd /opt/wireguard-server

You can also use your /home directory to host this and other projects.

Let's use the linuxserver repository at https://hub.docker.com/r/linuxserver/wireguard as the basis for the docker-compose.yaml file.

Create a docker-compose.yaml or docker-compose.yml file:

vim docker-compose.yaml

And add the following code to it:

version: "2.1"
services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=0
      - PGID=0
      - TZ=Europe/Amsterdam
      - SERVERURL=auto
      - SERVERPORT=32334
      - PEERS=1
      - PEERDNS=1.1.1.1
      - INTERNAL_SUBNET=10.10.10.0
      - ALLOWEDIPS=0.0.0.0/0
      - LOG_CONFS=true
    volumes:
      - /opt/wireguard-server/config:/config
      - /lib/modules:/lib/modules
    ports:
      - 32334:32334/udp
      - 51280:51280/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: always

Where:

container_name: the name of your container;
TZ=: the time zone. You can change it to the desired one, but for anonymity it is better to leave Europe/Amsterdam;
SERVERPORT=: a random port on which your VPN will work. It also needs to be listed under ports;
PEERS=: the number of users. It can be increased to the required amount;
32334:32334/udp 51280:51280/udp: the forwarded ports.

Bring the service up (to do this, you need to be in the directory where the file was created, in this case /opt/wireguard-server/):

docker-compose up -d

Wait for the images to download and the container to deploy.

Then check:

docker-compose ps

or

docker ps

You can also do this with a single docker command:


docker run -d \
  --name=wireguard \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  -e PUID=0 \
  -e PGID=0 \
  -e TZ=Europe/Amsterdam \
  -e SERVERURL=auto \
  -e SERVERPORT=32334 \
  -e PEERS=1 \
  -e PEERDNS=1.1.1.1 \
  -e INTERNAL_SUBNET=10.10.10.0 \
  -e ALLOWEDIPS=0.0.0.0/0 \
  -e LOG_CONFS=true \
  -p 32334:32334/udp \
  -p 51280:51280/udp \
  -v /opt/wireguard-server/config:/config \
  -v /lib/modules:/lib/modules \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --restart always \
  lscr.io/linuxserver/wireguard:latest


To generate a QR code for a smartphone:

docker exec -it wireguard /app/show-peer 1

Where:

1 is the first config/user.


All configuration files and QR codes are located in /opt/wireguard-server/config/peer*
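
Two things this setup depends on, written as an added check script (not part of the original article or the linuxserver image): SERVERPORT must appear as a published UDP host port, and the files under config/peer*, which contain client private keys, should not be readable by group or others. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names are hypothetical; paths follow this tutorial.

# Print the SERVERPORT value from a compose file's environment list.
server_port() {
    sed -n 's/^[[:space:]]*-[[:space:]]*SERVERPORT=\([0-9][0-9]*\).*$/\1/p' "$1" | head -n 1
}

# Print the host side of every "HOST:CONTAINER/udp" mapping, one per line.
published_udp_ports() {
    sed -n 's/^[[:space:]]*-[[:space:]]*"\{0,1\}\([0-9][0-9]*\):[0-9][0-9]*\/udp"\{0,1\}[[:space:]]*$/\1/p' "$1"
}

# Return 0 only if SERVERPORT is set and published as a UDP host port.
check_serverport() {
    port=$(server_port "$1")
    [ -n "$port" ] || { echo "SERVERPORT not set in $1" >&2; return 2; }
    published_udp_ports "$1" | grep -qx "$port" && return 0
    echo "SERVERPORT $port is missing from ports: in $1" >&2
    return 1
}

# List files under DIR/peer* that group or others can read; the peer
# configs contain each client's WireGuard private key.
loose_peer_files() {
    for d in "$1"/peer*; do
        [ -d "$d" ] || continue
        find "$d" -type f \( -perm -040 -o -perm -004 \)
    done
}

# Constructed sample: SERVERPORT was changed but ports: was not updated.
write_sample() {
    mkdir -p "$1/config/peer1"
    printf '%s\n' 'services:' '  wireguard:' '    environment:' \
        '      - SERVERPORT=40000' '      - PEERS=1' '    ports:' \
        '      - 32334:32334/udp' > "$1/docker-compose.yaml"
    echo 'constructed placeholder' > "$1/config/peer1/peer1.conf"
    chmod 644 "$1/config/peer1/peer1.conf"
}

# Usage: sh check.sh [project-dir]; with no argument the sample is used.
dir=${1:-}
if [ -z "$dir" ]; then dir=$(mktemp -d); write_sample "$dir"; fi
check_serverport "$dir/docker-compose.yaml" && echo "port mapping ok"
loose_peer_files "$dir/config"
```

Run it with /opt/wireguard-server as the argument after each change to docker-compose.yaml; any path it prints can be tightened with chmod 600.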


How to create additional users

To do this, you just need to change the PEERS value in the docker-compose.yaml file.

For the changes to be applied, recreate the container:

docker-compose up -d --force-recreate

Also, for anonymity, disable ping on the host server:

echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf

And apply the changes:

sysctl -p

Happy surfing.